AMENDMENT UNDER 37 CF.R. §1.111 
^ U.S. APPLN. NO. 09/891,545 

ATTORNEY DOCKET NO. Q64735 

AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

LISTING OF CLAIMS: 

1 , (Currently Amended) A method M e thod for enabling a user registered in an Network 
Access Server as already connected to a host Virtual Private Network[[,]] call e d host Virtual 
Privat e Network, to communicate with at least one communication device outside of said host 
Virtual Private Network, said Network Access Server having access over a data communication 
network to said communication device and to a plurality of Virtual Private Networks including 
comprising said host Virtual Private Network, wherein said method comprises b eing 
characteriz e d in that it compris e s a step of sending messages belonging to a communication 
between said user and said communication device over a logical channel between said Network 
Access Server and said communication device, said logical channel referring to an identifier of 
said host Virtual Private Networ k to which said user is currently connected . 

2. (Currently Amended) The method M e thod according to claim 1, wherein said method 
charact e riz e d in that it further comprises th e st e ps of : 

detecting at said Network Access Server a message from said user destined to said 
communication device; and 

forwarding said message from said Network Access Server to said communication device 
over the logical channel referring to the identifier of said Virtual Private Network. 
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3. (Currently Amended) The method M e thod according to claim 1, wherein said method 
charact e riz e d in that it further comprises th e st e ps of : 

detecting a message from said communication device being received at said Network 
Access Server on the logical channel referring to the identifier of a Virtual Private Network, said 
message containing a user destination address; 

determining a user registered in said Network Access Server as already connected to said 
Virtual Private Network and corresponding to said destination address; and 

forwarding said message from said Network Access Server to said user. 

4. (Currently Amended) The method M e thod according to claim 1, wherein charact e riz e d 
in that said messages belonging to the communication between said user and said 
communication device are encapsulated in data packets, said data packets comprising a field 
containing said identifier of said host Virtual Private Network or an indication derived frome f 
said identifier. 

5. (Currently Amended) The method M e thod according to claim 4, wherein charact e riz e d 
in that said messages belonging to the communication between said user and said 
communication device are sent over a tunnel having said identifier of said host Virtual Private 
Network as tunnel identifier. 
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6. (Currently Amended) The method M e thod according to claim 1, wherein charact e riz e d 
in that said messages contain IP packets comprising an IP address of said user. 

7. (Currently Amended) The method M e thod according to claim 1, wherein charact e riz e d 
in that said communication device is a server belonging to a local Virtual Private Network[[,]] 
call e d local Virtual Privat e N e twork, associated to said Network Access Server and different 
from said host Virtual Private Network. 

8. (Currently Amended) A_Network Access Server for enabling a communication 
between a user and a communication device, said user being registered in said Network Access 
Server as already connected to a host Virtual Private Network, call e d host Virtual Private 
N e twork, said communication device being outside of said host Virtual Private Network, said 
Network Access Server being able to access to a database associating an identifier of said user to 
an identifier of said host Virtual Private Network, said Network Access Server comprising being 
charact e riz e d in that it further compris e s m eans for sending messages originating from said user 
and destined to said communication device on a logical channel between said Network Access 
Server and said communication device, said logical chaimel referring to said identifier of said 
host Virtual Private Networ k to which said user is currently connected . 
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9. (Currently Amended) A.Network Access Server for identifying univocallv rotrieving a 
user, from out of a plurality of users, to which a message sent by a communication device and 
received at said Network Access Serve r is d e stin e d , said user being already connected over said 
Network Access Server acc e ss s e rv e r to a Virtual Private Network not included in compri s ing 
said communication device, said Network Access Server being able to access to a database 
associating an identifier of said user to an identifier of said Virtual Private Network to which said 
user is already connected, said Network Access Server comprising: b e ing characteriz e d in that it 
compris e s 

a logical channel controller for determining a logical channel identifier of one logical 
channel on which said message is received at said Network Access server: and 

means for identifving r e tri e ving the user to which said message is destined, according to 
said logical channel identifier and said user identifier entrv-in said database. 

10. (New) A Network Access Server for enabling a communication between a user and a 
communication device, said user being registered in said Network Access Server as aheady 
connected to a host Virtual Private Network, said communication device being outside of said 
host Virtual Private Network, said Network Access Server being able to access to a database 
associating an identifier of said user to an identifier of said host Virtual Private Network, said 
Network Access Server comprising a forwarding engine for sending messages originating from 
said user and destined to said commimication device on a logical channel between said Network 
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Access Server and said communication device, said logical channel referring to said identifier of 
said host Virtual Private Network to which said user is currently connected. 

11. {New) The Network Access Server according to claim 10, further comprising a 
logical channel controller that directs the message on the logical channel between said Network 
Access Server and said communication device. 

12. {New) A Network Access Server for identifying a user, from a plurahty of users, to 
which a message sent by a communication device and received at said Network Access Server, 
said user being aheady connected over said Network Access Server to a Virtual Private Network 
not included in said communication device, said Network Access Server being able to access to a 
database associating an identifier of said user to an identifier of said Virtual Private Network to 
which said user is already connected, said Network Access Server comprising: 

a logical channel controller for determining a logical channel identifier of one logical 
channel on which said message is received at said Network Access server; and 

a database searcher for identifying the user to which said message is destined, according 
to said logical channel identifier and said user identifier in said database. 

13. {New) The Network Access Server according to claim 12, further comprising a 
forwarding engine that forwards said message from said logical controller to said user after said 
user has been identified. 
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